Feature #341: urilen option to match on raw uri - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #341

closed

urilen option to match on raw uri

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

1.2rc1

Effort:

Difficulty:

Label:

Description

By default Suricata's urilen matches on the normalized buffer. Snort 2.9.1 added support for matching on both the raw and normalized buffers:

urilen:min<>max[,<uribuf>];
urilen:[<|>]<number>[,<uribuf>];
<uribuf> : "norm" | "raw"

It seems that Snort selects the raw uri by default.

Files

0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch (26.1 KB) 0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch

Anoop Saldanha, 12/22/2011 04:26 AM

Actions

Copy link

Updated by Victor Julien over 12 years ago

Assignee changed from OISF Dev to Anoop Saldanha
Target version changed from 1.2beta1 to 1.2rc1
Estimated time set to 5.00 h

Actions

Copy link

Updated by Anoop Saldanha over 12 years ago

File 0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch 0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch added

patch attached.

Actions

Copy link

Updated by Victor Julien over 12 years ago

Status changed from New to Closed
% Done changed from 0 to 100

Applied, thanks Anoop!

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #341

urilen option to match on raw uri

Updated by Victor Julien over 12 years ago

Updated by Anoop Saldanha over 12 years ago

Updated by Victor Julien over 12 years ago